Lethe's Ccielogs

In the last post we’ve seen how to install and configure Exim to be our default MTA, in this article we’ll see how to install and configure an antivirus solution, ClamAV, so that all incoming and outgoing mail traffic will be scanned for viruses and malware.

First of all you need to get the latest version of ClamAV which as per this writing is 0.94.2, you can get the source code here, once you’ve downloaded it unzip the file in a temporary directory (/tmp in our example) with the command :

tar zxvf name-of-downloaded-file

As you’ve noticed ClamAV comes as source code, on the site you’ll find a few porting to .rpm or .deb but all are of the older versions that’s why I prefer to compile from source code, the dependencies to compile/install ClamAV are

- zlib and zlib-devel packages

- gcc compiler suite

All these packages should be available through your distro’s repositories.

ClamAV team suggests to install these optionally packages :

- bzip2 and bzip2-devel library

- GNU MP 3 which is not an MP3 player but a package used to verify the digital signatures of the virus databases and scripted updates. If freshclam was compiled without GMP support it will display "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES" on every update 

- check which is used for installation tests (personally I did not installed this)

Once you have all that it takes for the installation you need to create user and group that will be used by ClamAv, so open a terminal window and issue the following command :

- groupadd clamav this will add a group named clamav

- useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav this will create the user named clamav, will assign it to the group clamav and will disable his login via shell

Once we’ve created the user and the group for clamav we can finally proceed to the source code compilation with the following command (launched inside ClamAV package directory) :

./configure –sysconfdir=/usr/share/clamav

This will prepare the installation into the /usr/share/clamav directory, of course you can change this with any directory of your choice, next if any error is produced you can issue the make and make install commands :

make; make install

Of course I’ve omitted all the grabbled output these commands will produce on your screen trust me if there will be any problem you’ll notice it and the system will tell you what’s wrong. Now you can test your installation issuing the clamd command which should yield the following error :

clamd
ERROR: Please edit the example config file /usr/share/clamav/clamd.conf.
ERROR: Can't open/parse the config file /usr/share/clamav/clamd.conf

Pretty straightforward, this tell us the location of the configuration file and that we should edit it Open up clamd.conf with your favorite editor, I usually use VI, and start editing the file to suit your needs I’ll provide you with a working copy of my clamd.conf file, just in case you’re lazy as I am, but what we need to take care of are the following lines :

##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

# Comment or remove the line below.
Example <—Comment this line and Clamd will start

Once you’ve done this clamd should start without any problem, you can test this with the command :

clamscan -r -l scan.txt somefile

Which will scan a file saving results in the scan.txt file, as you can see below :

———– SCAN SUMMARY ———–
Known viruses: 465915
Engine version: 0.94.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 MB
Time: 1.979 sec (0 m 1 s)

All that is left to do is to setup auto updating of our antivirus, this is done scheduling a Cron job for the update utility included with ClamAV which is called freshclam.

First of all create a log under /var/log/freshclam.log with the touch command and change owner to clamav user :

 touch /var/log/freshclam.log  chmod 600 /var/log/freshclam.log  chown clamav /var/log/freshclam

Now you should edit freshclam.conf to point the UpdateLogFile directive to match the path of the log we’ve just created, in our example /var/log/freshclam.log, again I’ll include this file in the post. If you need to specify proxy settings you can do so in the configuration file under this section :

# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

Last step will be creating the cron job to update ClamAV daily which can be done issuing the command crontab –e and putting a string similar the following :

N * * * *	/usr/sahre/clamav/freshclam –quiet

Where N is number of minutes so that freshclam will check for updates every N number of minutes, I usually use something like 53 but this is really up to you.

If you want to auto start ClamAV at boot time you can find a startup script, yes even this one will be included with the post, in the include directory of the ClamAV source code that contains startup scripts for the various distributions (the one you’ll find here will work with Red Hat distributions) you just need to modify the script with the correct paths to your clamd binary file and copy into the /etc/init.d directory (again this is Red Hat) and issue the command :

chkconfig --level 345 clamd on

This will create all the symlinks the system will need to start ClamAV at system startup.

Wow it was again a long post post but we’ve covered a lot of ground and have seen how to install and configure an ativirus/antimalware solution based on the Open Source project ClamAV, we’ve seen how to configure auto start of ClamAV and the process of auto update.

In the next article we’ll, finally!, cover ASSP installation and configuration and will see how to configure it so that our MTA will start eating SPAM for breakfast! Stay tuned the best has yet to come!

Lethe.

  Copyright secured by Digiprove © 2010

Article by Lethe

Lethe has written 169 awesome article(s) for us.

Daniele Catanesi, aka Lethe, is the mind behing Lethe's Ccielogs. He is a veteran of the IT industry with more than ten years of experience in the various fields. Daniele has been mainly working as IT Architect and Trainer for a lot of Enteprise customers implementing cutting edge technologies and complex solutions. Daniele currently holds various certification among which MCITP, CCNP, LPI, Citrix and working tirelessly to his RHCE and RHCA. When he is not busy working or studying for the next exam he writes on the blog trying to give administrators and students around the world tips and suggestion to help them succeed in their career and job.